Hallam-Baker, Phillip said:
Unauthenticated executable content of any kind has no place in email. There
is no cause to send unsolicited and unauthenticated Java, Active-X or
Javascript. The <IMG> tag referencing an external object is causing a
programmed action I think it should be blocked by default as well.
HTML worked and works just fine without external references or executable
content.
+1, I agree strongly.
BTW it's even more complex now, since many legit mail-sending operations
consider "web bugs" (1x1 pixel external IMGs with an identifying tag)
to be good practice in measuring mail views. :(
--j.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg